add privacy policy

This commit is contained in:
hippoz 2022-10-19 18:47:59 +03:00
parent 5062d34468
commit 26948e2dc3
No known key found for this signature in database
GPG key ID: 7C52899193467641
4 changed files with 542 additions and 0 deletions

View file

@ -66,6 +66,10 @@ const makePage = ({ name, description, title }) => content => [`
<main class="Card Card-layout"> <main class="Card Card-layout">
${content} ${content}
</main> </main>
<footer class="Navigation Card Card-layout">
<span class="Navigation-branding">&copy; 2022 Hippoz</span>
${linkButton({ link: "legal/privacy.html", text: "Privacy Policy" })}
</footer>
</body> </body>
</html> </html>
`, content]; `, content];

Binary file not shown.

411
out/legal/privacy.html Normal file
View file

@ -0,0 +1,411 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="${description}">
<title>Hippoz.</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="main-container">
<div class="branding-container">
<span class="branding-primary">hippoz</span>
<span class="branding-secondary">privacy policy</span>
</div>
<p>Last updated: October 19, 2022</p>
<h2>Who We Are?</h2>
<p>Hippoz</p>
<h2>What Personal Data We Collect?</h2>
<p>We collect following personal data (collectively called User Personal Information):</p>
<ol>
<li>Registration information (username, email, password, etc.)</li>
<li>Profile information for your Account (such as your full name, biography, website, gpg key, and
location.)</li>
<li>Usage information (pages you view, your IP address, referring site, session information, and request
date and time.)</li>
<li>Device information (its IP address, client application information, language preference, operating
system and application version, device type, ID, model and manufacturer.)</li>
<li>Git data that you upload to a repository</li>
<li>Cookies and Similar Technologies</li>
</ol>
<p>We may also collect User Personal Information from third-parties (vendors, partners, or affiliates). We
don't
purchase them from third-party data brokers, though.</p>
<p>However, we don't intentionally collect sensitive information (such as racial or ethnic origin, political
affiliations, religious/philosophical beliefs, biometric data, etc.)</p>
<!--If you choose to store any of such data on our servers, you are responsible for complying with any regulations regarding them.-->
<h2>How We Share Information We Collect?</h2>
<p>We may share your User Personal Information with third-parties under following circumstances:</p>
<h3>With your Consent</h3>
<p>We share your User Personal Information, if you consent, after letting you know what information will be
shared, with whom, and why. For example, if you allow third party applications to access your Account
using
<a href="https://docs.gitea.io/en-us/oauth2-provider/">OAuth2 providers</a>, we share all information
associated with your Account, including private repos and organizations. You may also direct us through
your
action on Hippoz to share your User Personal Information, such as when joining an Organization.
</p>
<h3>With Service Providers</h3>
<p>We share User Personal Information with a limited number of service providers who process it on our
behalf to
provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our
Privacy Statement by signing data protection agreements or making similar commitments. Our service
providers
perform payment processing, customer support ticketing, network data transmission, security, and other
similar services. While Hippoz processes all User Personal Information in the European
Union, our service providers may process data outside of the United States or the European Union.</p>
<h3>For Security Purposes</h3>
<p>If you are a member of an Organization, Hippoz may share your username, Usage Information, and
Device Information associated with that Organization with an owner and/or administrator of the
Organization
who has agreed to the Corporate Terms of Service or applicable customer agreements, to the extent that
such
information is provided only to investigate or respond to a security incident that affects or
compromises
the security of that particular Organization.</p>
<h3>For Legal Disclosure</h3>
<p>Hippoz strives for transparency in complying with legal process and legal obligations. Unless
prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable
effort to notify users of any legally compelled or required disclosure of their information. Hippoz may
disclose User Personal Information or other information we collect about you to law enforcement
if required in response to a valid subpoena, court order, search warrant, a similar government order, or
when we believe in good faith that disclosure is necessary to comply with our legal obligations, to
protect
our property or rights, or those of third parties or the public at large.</p>
<h3>Change in Control or Sale</h3>
<p>We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate
entities or business units. If any such change of ownership happens, we will ensure that it is under
terms
that preserve the confidentiality of User Personal Information, and we will notify you on our Website or
by
email before any transfer of your User Personal Information. The organization receiving any User
Personal
Information will have to honor any promises we made in our Privacy Statement or Terms of Service.</p>
<h3>Aggregate, Non-Personally Identifying Information</h3>
<p>We share certain aggregated, non-personally identifying information with others about how our users,
collectively, use Hippoz, or how our users respond to our other offerings, such as our
conferences or events. For example, we may compile statistics on the open source activity across Hippoz.
</p>
<p>We <b>don't</b> sell your User Personal Information for monetary or other consideration. </p>
<h2>How We Use Your Information?</h2>
<p>We may use your information for following purposes:</p>
<ol>
<li>We use your Registration Information to create your account, and to provide you the Service.</li>
<li>We use your User Personal Information, specifically your username, to identify you on Hippoz.</li>
<li>We use your Profile Information to fill out your Account profile and to share that profile with
other
users if you ask us to.</li>
<li>We use your email address to communicate with you, if you've said that's okay, and only for the
reasons
youve said thats okay.</li>
<li>We use User Personal Information and other data to make recommendations for you, such as to suggest
projects you may want to follow or contribute to. We learn from your public behavior on Hippoz—such
as
the projects you star—to determine your coding interests, and we recommend similar
projects. These recommendations are automated decisions, but they have no legal impact on your
rights.
</li>
<li>We use Usage Information and Device Information to better understand how our Users use Hippoz and to
improve our Website and Service.</li>
<li>We may use your User Personal Information if it is necessary for security purposes or to investigate
possible fraud or attempts to harm Hippoz or our Users.</li>
<li>We may use your User Personal Information to comply with our legal obligations, protect our
intellectual
property, and enforce our Terms of Service.</li>
<li>We limit our use of your User Personal Information to the purposes listed in this Privacy Statement.
If
we need to use your User Personal Information for other purposes, we will ask your permission first.
You
can always see what information we have, how we're using it, and what permissions you have given us
in
your user profile.</li>
</ol>
<h2>How Hippoz Secures Your Information?</h2>
<p>Hippoz takes all measures reasonably necessary to protect User Personal Information from
unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate
use
of User Personal Information.</p>
<p>To the extent above, we enforce a written security information program, which:</p>
<ul>
<li>aligns with industry recognized frameworks;</li>
<li>includes security safeguards reasonably designed to protect the confidentiality, integrity,
availability, and resilience of our Users' data;</li>
<li>is appropriate to the nature, size, and complexity of Hippozs business operations;</li>
<li>includes incident response and data breach notification processes; and</li>
<li>complies with applicable information security-related laws and regulations in the geographic regions
where Hippoz does business.</li>
</ul>
<p>In the event of a data breach that affects your User Personal Information, we will act promptly to
mitigate
the impact of a breach and notify any affected Users without undue delay.</p>
<p>Transmission of data on Hippoz is encrypted using SSH, HTTPS (TLS), and git repository content
is encrypted at rest.</p>
<p><b>Disclaimer:</b> No method of transmission, or method of electronic storage, is 100% secure, therefore,
we
cannot guarantee absolute security.</p>
<h2>Cookies and Tracking Usage</h2>
<h3>Cookies</h3>
<p>We uses cookies to make interactions with our service easy and meaningful. Cookies are small text files
that
websites often store on computer hard drives or mobile devices of visitors. We use cookies (and similar
technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide
information for future development of Hippoz. For security purposes, we use cookies to identify
a device. By using our Website, you agree that we can place these types of cookies on your computer or
device. If you disable your browser or devices ability to accept these cookies, you will not be able to
log
in or use our services.</p>
<h3>Tracking and Analytics</h3>
<p>Out of the box, Gitea doesn't use third-party analytics. In case when we opt in to their usage, we do
that to
help us evaluate our Users' use of Hippoz, compile statistical reports on activity, and improve
our content and Website performance. We only use interal analytics software on certain areas of
our Website.</p>
<h2>Repository Contents</h2>
<p>Our employees do not access private repositories unless required to for security purposes, for support,
to
maintain integrity of the Service, or to comply with our legal obligations. While we don't generally
search
for content in your repositories, we may scan our servers and your content to detect tokens or security
signatures, known malwares, or child exploitation imagery.</p>
<p>If your repository is public, anyone may view its contents. If you include private, confidential or
Sensitive
Personal Information, such as email addresses or passwords, in your public repository, that information
may
be indexed by search engines or used by third parties.</p>
<h2>Public Information</h2>
<p>Many of our services and feature are public-facing. If your content is public-facing, third parties may
access and use it in compliance with our Terms of Service, such as by viewing your profile or
repositories
or pulling data via our API. We do not sell that content; it is yours. However, we do allow third
parties,
such as research organizations or archives, to compile public-facing Hippoz information. Other
third parties, such as data brokers, have been known to scrape Hippoz and compile data as well.
</p>
<p>Your User Personal Information associated with your content could be gathered by third parties in these
compilations of Hippoz data. If you do not want your User Personal Information to appear in
third parties compilations of Hippoz data, please do not make your User Personal Information
publicly available and be sure to configure your email address to be private in your user profile and in
your git commit settings.</p>
<p>If you would like to compile Hippoz data, you must comply with our Terms of Service regarding
scraping and privacy, and you may only use any public-facing User Personal Information you gather for
the
purpose for which our user authorized it. For example, where a Hippoz user has made an email
address public-facing for the purpose of identification and attribution, do not use that email address
for
commercial advertising. We expect you to reasonably secure any User Personal Information you have
gathered
from Hippoz, and to respond promptly to complaints, removal requests, and "do not contact"
requests from Hippoz or Hippoz users.</p>
<p>In similar fashion, projects on Hippoz may include publicly available User Personal Information
collected as part of the collaborative events.</p>
<h2>Organizations</h2>
<p>If you collaborate on or become a member of an Organization, then its Account owners may receive your
User
Personal Information. When you accept an invitation to an Organization, you will be notified of the
types of
information owners may be able to see. If you accept an invitation to an Organization with a verified
domain, then the owners of that Organization will be able to see your full email address(es) within that
Organization's verified domain(s).</p>
<p>Please note, Hippoz may share your username, Usage Information, and Device Information with the
owner of the Organization you are a member of, to the extent that your User Personal Information is
provided
only to investigate or respond to a security incident that affects or compromises the security of that
particular Organization.</p>
<p>If you collaborate with or become a member of an Account that has agreed to a Data Protection Addendum
(DPA)
to this Privacy Policy, then that DPA governs in the event of conflicts between this Privacy Policy and
DPA
with respect to your activity in the Account.</p>
<p>Please contact the Account owners for more information about how they might process your User Personal
Information in their Organization and the ways for you to access, update, alter, or delete the User
Personal
Information stored in the Account.</p>
<h2>How You Can Access and Control the Information We Collect?</h2>
<p>If you're already a Hippoz user, you may access, update, alter, or delete your basic user
information by editing your user profile. You can control the information we collect about you by
limiting
what information is in your profile, or by keeping your information current.</p>
<p>If Hippoz processes information about you, such as information receives from third parties, and
you do not have an account, then you may, subject to applicable law, access, update, alter, delete, or
object to the processing of your personal information by contacting our support.</p>
<h3>Data Portability</h3>
<p>As a Hippoz User, you can always take your data with you. You can clone your repositories to
your computer, or you can <a href="https://docs.gitea.io/en-us/migrations-interfaces/">perform
migrations
using the provided interfaces</a>, for example.</p>
<h3>Data Retention and Deletion of Data</h3>
<p>In general, Hippoz retains User Personal Information for as long as your account is active, or
as needed to provide you service.</p>
<p>If you would like to cancel your account or delete your User Personal Information, you may do so in your
user
profile. We retain and use your information as necessary to comply with our legal obligations, resolve
disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile
(within reason) within 90 days of your request. Feel free to contact our support to request erasure of
the
data we process on the bassis of consent within 30 days.</p>
<p>After an account has been deleted, certain data, such as contributions to other Users' repositories and
comments in others' issues, will remain. However, we will delete or de-identify your User Personal
Information, including your username and email address, from the author field of issues, pull requests,
and
comments by associating them with a ghost user.</p>
<p>That said, the email address you have supplied via your Git commit settings will always be associated
with
your commits in the Git system. If you choose to make your email address private, you should also update
your Git commit settings. We are unable to change or delete data in the Git commit history — the Git
software is designed to maintain a record — but we do enable you to control what information you put in
that
record.</p>
<h2>Our Global Privacy Practices</h2>
<p>We store and process the information that we collect in the European Union in
accordance with this Privacy Statement though our service providers may store and process data outside
the
European Union. However, we understand that we have Users from different countries
and regions with different privacy expectations, and we try to meet those needs even when the European
Union does not have the same privacy framework as other countries.</p>
<p>We provide a high standard of privacy protection—as described in this Privacy Statement—to all our users
around the world, regardless of their country of origin or location, and we are proud of the levels of
notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard
to
comply with the applicable data privacy laws wherever we do business. Additionally, if
our vendors or affiliates have access to User Personal Information, they must sign agreements that
require
them to comply with our privacy policies and with applicable data privacy laws.</p>
<p>In particular:</p>
<ul>
<li>Hippoz provides clear methods of unambiguous, informed, specific, and freely given consent
at the time of data collection, when we collect your User Personal Information using consent as a
basis.
</li>
<li>We collect only the minimum amount of User Personal Information necessary for our purposes, unless
you
choose to provide more. We encourage you to only give us the amount of data you are comfortable
sharing.
</li>
<li>We offer you simple methods of accessing, altering, or deleting the User Personal Information we
have
collected, where legally permitted.</li>
<li>We provide our Users notice, choice, accountability, security, and access regarding their User
Personal
Information, and we limit the purpose for processing it. We also provide our Users a method of
recourse
and enforcement. These are the Privacy Shield Principles, but they are also just good practices.
</li>
</ul>
<h2>How We Communicate with You?</h2>
<p>We use your email address to communicate with you, if you've said that's okay, and only for the reasons
youve said thats okay. For example, if you contact our support with a request, we respond to you via
email. You have a lot of control over how your email address is used and shared on and through Hippoz.
You
may manage your communication preferences in your user profile.</p>
<p>By design, the Git version control system associates many actions with a User's email address, such as
commit
messages. We are not able to change many aspects of the Git system. If you would like your email address
to
remain private, even when youre commenting on public repositories, you can create a private email
address
in your user profile. You should also update your local Git configuration to use your private email
address.
This will not change how we contact you, but it will affect how others see you.</p>
<p>Depending on your email settings, Hippoz may occasionally send notification emails about changes
in a repository youre watching, new features, requests for feedback, important policy changes, or to
offer
customer support. Note that you can opt out of any communications with us, except the important ones
(like from our
support and system emails).</p>
<h2>Changes to this Privacy Policy</h2>
<p>Although most changes are likely to be minor, Hippoz may change our Privacy Statement from time
to time. We will provide notification to Users of material changes to this Privacy Statement through our
Website at least 30 days prior to the change taking effect by posting a notice on our home page or
sending
email to the primary email address specified in your account.</p>
<h2>Contact</h2>
<p>If you have any concerns about privacy, please contact us at <a
href="mailto:privacy@hippoz.xyz">privacy@hippoz.xyz</a>. We will respond promptly,
within 45 days.</p>
<h2>COPYING</h2>
<p>This document is licensed under CC0 Public Domain License. See <a
href="https://creativecommons.org/publicdomain/zero/1.0/legalcode">full legal code here</a>.</p>
</div>
</body>
</html>

127
out/legal/style.css Normal file
View file

@ -0,0 +1,127 @@
@font-face {
font-family: "Manrope";
src: url("Manrope[wght].woff2") format('woff2');
font-weight: normal;
font-style: normal;
}
:root {
--background: #ffffff;
--foreground: #000000;
--accent: #512bd8;
--space-unit: 1em;
--space-xxs: calc(0.25 * var(--space-unit));
--space-xs: calc(0.5 * var(--space-unit));
--space-sm: calc(0.75 * var(--space-unit));
--space-norm: var(--space-unit);
--space-normplus: calc(var(--space-unit) + var(--space-sm));
--space-md: calc(1.25 * var(--space-unit));
--space-lg: calc(2 * var(--space-unit));
--space-xl: calc(3.25 * var(--space-unit));
--space-xxl: calc(5.25 * var(--space-unit));
--h1: 3.052rem;
--h2: 2.441rem;
--h3: 1.953rem;
--h4: 1.563rem;
--h5: 1.25rem;
--small: 0.8rem;
}
html {
font-size: 100%;
}
html,
body {
font-size: clamp(1rem, 1vw, 1.3rem);
font-family: "Manrope", Arial, Helvetica, sans-serif;
margin: 0;
padding: 0;
font-weight: 400;
line-height: 1.75;
color: var(--foreground);
background-color: var(--background);
accent-color: var(--accent);
}
a {
color: var(--accent);
}
.main-container {
width: 55%;
margin-left: auto;
margin-right: auto;
margin-top: 28px;
margin-bottom: 28px;
}
.branding-container {
display: flex;
flex-direction: row;
}
.branding-primary {
color: var(--background);
background-color: var(--foreground);
font-size: var(--h2);
flex-grow: 0;
padding: 0.5rem;
}
.branding-secondary {
font-size: var(--h2);
flex-grow: 0;
border: 1px solid black;
padding: 0.5rem;
}
.showcase-card {
margin-top: var(--space-xxs);
font-size: var(--h5);
}
/* scales */
p {
margin-bottom: 0.4rem;
}
h1,
h2,
h3,
h4,
h5 {
margin: 3rem 0 1.38rem;
font-family: 'Poppins', sans-serif;
font-weight: 400;
line-height: 1.3;
}
h1 {
font-size: var(--h1);
margin-top: 0;
}
h2 {
font-size: var(--h2);
}
h3 {
font-size: var(--h3);
}
h4 {
font-size: var(--h4);
}
h5 {
font-size: var(--h5);
}
small,
.text_small {
font-size: var(--small);
}